Amazon Alexa Security Bug Allowed Access to Voice History
DannyB writes:
Amazon Alexa security bug allowed access to voice history:
A flaw in Amazon's Alexa smart home devices could have allowed hackers access personal information and conversation history, cyber-security researchers say.
Attackers could install or remove apps on a device without the owner knowing, Check Point Research reports.
The hack "required just one click [by the attackee] on an Amazon link" purposely crafted by the attacker, it says.
The firm told Amazon about the flaw, which has now been fixed.
[...] Check Point said the hack required the creation of a malicious Amazon link, which would be sent to an unsuspecting user.
Once they clicked the link, the attacker could get a list of all installed Alexa "skills" - or apps - and steal a token allowing them [to] add or remove skills.
One way to use the flaw would be to remove a skill and then install a malicious one that uses the same "invocation phrase" - the series of spoken words used to trigger it. This could have been done without the user knowing.
The next time the user tried to activate that skill, it would have run the attacker's app instead.
Read more of this story at SoylentNews.